HKTL_NET_GUID_BYTAGE
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_BYTAGE {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/KNIF/BYTAGE"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "4f87ca2c-3ac1-5733-893e-79665b80ffc3"
strings:
$typelibguid0lo = "8e46ba56-e877-4dec-be1e-394cb1b5b9de" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_BackNet
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_BackNet {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/valsov/BackNet"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "91824d18-f46b-5b95-b650-4d710d711cf9"
strings:
$typelibguid0lo = "9fdae122-cd1e-467d-a6fa-a98c26e76348" ascii wide
$typelibguid1lo = "243c279e-33a6-46a1-beab-2864cc7a499f" ascii wide
$typelibguid2lo = "a7301384-7354-47fd-a4c5-65b74e0bbb46" ascii wide
$typelibguid3lo = "982dc5b6-1123-428a-83dd-d212490c859f" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_BadPotato
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_BadPotato {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/BeichenDream/BadPotato"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "8bee12fc-fc29-5256-b559-d914ef202c0c"
strings:
$typelibguid0lo = "0527a14f-1591-4d94-943e-d6d784a50549" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_BlackNET
Detects VB.NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_BlackNET {
meta:
description = "Detects VB.NET red/black-team tools via typelibguid"
reference = "https://github.com/BlackHacker511/BlackNET"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-30"
modified = "2025-08-15"
id = "9fbb3c11-7b11-5910-9c8b-247aeefbaa87"
strings:
$typelibguid0lo = "c2b90883-abee-4cfa-af66-dfd93ec617a5" ascii wide
$typelibguid1lo = "8bb6f5b4-e7c7-4554-afd1-48f368774837" ascii wide
$typelibguid2lo = "983ae28c-91c3-4072-8cdf-698b2ff7a967" ascii wide
$typelibguid3lo = "9ac18cdc-3711-4719-9cfb-5b5f2d51fd5a" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_BlockEtw
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_BlockEtw {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/Soledge/BlockEtw"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-29"
modified = "2025-08-15"
id = "c2b72fef-6549-5b53-8ccf-232e8d152e96"
strings:
$typelibguid0lo = "daedf7b3-8262-4892-adc4-425dd5f85bca" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_BrowserGhost
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
import "pe"
rule HKTL_NET_GUID_BrowserGhost {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/QAX-A-Team/BrowserGhost"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "adcc5d12-c393-5708-ae0b-a85f2187c881"
strings:
$typelibguid0lo = "2133c634-4139-466e-8983-9a23ec99e01b" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
and not pe.is_dll()
}
HKTL_NET_GUID_BrowserPass
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_BrowserPass {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/jabiel/BrowserPass"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "bad36c36-dbed-527c-a2f5-4dceff1abe4b"
strings:
$typelibguid0lo = "3cb59871-0dce-453b-857a-2d1e515b0b66" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Browser_ExternalC2
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Browser_ExternalC2 {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/mdsecactivebreach/Browser-ExternalC2"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "8c309522-90e7-5f5a-b456-3a472756d397"
strings:
$typelibguid0lo = "10a730cd-9517-42d5-b3e3-a2383515cca9" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_BypassUAC
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_BypassUAC {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/cnsimo/BypassUAC"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "327f581e-1d8c-5d20-bdd7-a29810c619c9"
strings:
$typelibguid0lo = "4e7c140d-bcc4-4b15-8c11-adb4e54cc39a" ascii wide
$typelibguid1lo = "cec553a7-1370-4bbc-9aae-b2f5dbde32b0" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CSharpSetThreadContext
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CSharpSetThreadContext {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/djhohnstein/CSharpSetThreadContext"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "883bb859-d5ab-501d-8c83-0c5a2cf1f6c8"
strings:
$typelibguid0lo = "a1e28c8c-b3bd-44de-85b9-8aa7c18a714d" ascii wide
$typelibguid1lo = "87c5970e-0c77-4182-afe2-3fe96f785ebb" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CVE_2019_1064
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CVE_2019_1064 {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/RythmStick/CVE-2019-1064"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "4640e874-faa4-58dc-a3f3-18246a343f15"
strings:
$typelibguid0lo = "ff97e98a-635e-4ea9-b2d0-1a13f6bdbc38" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CVE_2019_1253
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CVE_2019_1253 {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/padovah4ck/CVE-2019-1253"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "3e18b533-1b85-5eaf-bb3d-aa5b90fd2e28"
strings:
$typelibguid0lo = "584964c1-f983-498d-8370-23e27fdd0399" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CVE_2020_0668
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CVE_2020_0668 {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/RedCursorSecurityConsulting/CVE-2020-0668"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "54c87578-f0f1-5108-a736-b6acd9624d29"
strings:
$typelibguid0lo = "1b4c5ec1-2845-40fd-a173-62c450f12ea5" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CVE_2020_1206_POC
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CVE_2020_1206_POC {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/ZecOps/CVE-2020-1206-POC"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2021-01-21"
modified = "2025-08-15"
id = "d70472f3-b19f-5097-bd70-99a7e7812ac4"
strings:
$typelibguid0lo = "3523ca04-a12d-4b40-8837-1a1d28ef96de" ascii wide
$typelibguid1lo = "d3a2f24a-ddc6-4548-9b3d-470e70dbcaab" ascii wide
$typelibguid2lo = "fb30ee05-4a35-45f7-9a0a-829aec7e47d9" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CVE_2020_1337
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CVE_2020_1337 {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/neofito/CVE-2020-1337"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "4b79867d-761c-5aa8-bf8a-60caa50d8aa6"
strings:
$typelibguid0lo = "d9c2e3c1-e9cc-42b0-a67c-b6e1a4f962cc" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_C_Sharp_R_A_T_Client
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_C_Sharp_R_A_T_Client {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/AdvancedHacker101/C-Sharp-R.A.T-Client"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "f5df8257-d202-58e3-9c4a-1dfc9dd52f2a"
strings:
$typelibguid0lo = "6d9e8852-e86c-4e36-9cb4-b3c3853ed6b8" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Carbuncle
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Carbuncle {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/checkymander/Carbuncle"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "4a87882e-570b-5b40-a8e3-47ebac01d257"
strings:
$typelibguid0lo = "3f239b73-88ae-413b-b8c8-c01a35a0d92e" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CasperStager
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CasperStager {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/ustayready/CasperStager"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "0ad18d2b-b7cc-5316-a8e8-b05d4439b8e1"
strings:
$typelibguid0lo = "c653a9f2-0939-43c8-9b93-fed5e2e4c7e6" ascii wide
$typelibguid1lo = "48dfc55e-6ae5-4a36-abef-14bc09d7510b" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Certify
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Certify {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/GhostPack/Certify"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2023-03-06"
modified = "2025-08-11"
hash = "da585a8d4985082873cb86204d546d3f53668e034c61e42d247b11e92b5e8fc3"
id = "69f120fe-bd4d-59ba-b1b9-528ab300e450"
strings:
$typelibguid0_v1 = "64524ca5-e4d0-41b3-acc3-3bdbefd40c97" ascii wide
$typelibguid0_v2 = "15cfadd8-5f6c-424b-81dc-c028312d025f" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Change_Lockscreen
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Change_Lockscreen {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/nccgroup/Change-Lockscreen"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "a817c6e8-95f9-56c6-97b8-4be06658629f"
strings:
$typelibguid0lo = "78642ab3-eaa6-4e9c-a934-e7b0638bc1cc" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CinaRAT
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CinaRAT {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/wearelegal/CinaRAT"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "c6b4c919-0fc6-5096-b29b-963142a2c831"
strings:
$typelibguid0lo = "8586f5b1-2ef4-4f35-bd45-c6206fdc0ebc" ascii wide
$typelibguid1lo = "fe184ab5-f153-4179-9bf5-50523987cf1f" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CloneVault
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CloneVault {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/mdsecactivebreach/CloneVault"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2021-01-21"
modified = "2025-08-15"
id = "3340a095-d926-5c85-b7ed-03151712538d"
strings:
$typelibguid0lo = "0a344f52-6780-4d10-9a4a-cb9439f9d3de" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Crassus
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Crassus {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/vu-ls/Crassus"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2023-03-18"
modified = "2025-08-15"
id = "d4f94aa3-0431-5ac1-8718-0f0526c3714f"
strings:
$typelibguid0lo = "7e9729aa-4cf2-4d0a-8183-7fb7ce7a5b1a" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Crypter_Runtime_AV_s_bypass
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Crypter_Runtime_AV_s_bypass {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/netreverse/Crypter-Runtime-AV-s-bypass"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "726cd57b-d88a-5854-b2e1-76d9bd71a155"
strings:
$typelibguid0lo = "c25e39a9-8215-43aa-96a3-da0e9512ec18" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_CsharpAmsiBypass
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_CsharpAmsiBypass {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/WayneJLee/CsharpAmsiBypass"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "ca97004e-edc1-5b5a-ac67-e81ae24631aa"
strings:
$typelibguid0lo = "4ab3b95d-373c-4197-8ee3-fe0fa66ca122" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Csharp_Loader
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Csharp_Loader {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/NYAN-x-CAT/Csharp-Loader"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "bf0c3d93-cbea-54c7-b950-fd4e5a600d07"
strings:
$typelibguid0lo = "5fd7f9fc-0618-4dde-a6a0-9faefe96c8a1" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DInvisibleRegistry
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DInvisibleRegistry {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/NVISO-BE/DInvisibleRegistry"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "98409bbe-6346-5825-b7f7-c1afeac2b038"
strings:
$typelibguid0lo = "31d576fb-9fb9-455e-ab02-c78981634c65" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DInvoke
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DInvoke {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/TheWover/DInvoke"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2021-01-21"
modified = "2025-08-15"
id = "f3b0ef47-a92c-5c5d-a9e2-09579fcb438e"
strings:
$typelibguid0lo = "b77fdab5-207c-4cdb-b1aa-348505c54229" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DInvoke_PoC
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DInvoke_PoC {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/dtrizna/DInvoke_PoC"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "f3b0ef47-a92c-5c5d-a9e2-09579fcb438e"
strings:
$typelibguid0lo = "5a869ab2-291a-49e6-a1b7-0d0f051bef0e" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DLL_Injection
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DLL_Injection {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/ihack4falafel/DLL-Injection"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "aec4fc28-9aa2-5eef-9fb1-d187a83a72b3"
strings:
$typelibguid0lo = "3d7e1433-f81a-428a-934f-7cc7fcf1149d" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DLL_Injector
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DLL_Injector {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/tmthrgd/DLL-Injector"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "301e70f4-89ed-539c-b7f3-9fc6ae1393b3"
strings:
$typelibguid0lo = "4581a449-7d20-4c59-8da2-7fd830f1fd5e" ascii wide
$typelibguid1lo = "05f4b238-25ce-40dc-a890-d5bbb8642ee4" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DarkEye
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DarkEye {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/K1ngSoul/DarkEye"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "5dc6702f-a398-5be2-9df8-9a2ddc636a1f"
strings:
$typelibguid0lo = "0bdb9c65-14ed-4205-ab0c-ea2151866a7f" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DarkFender
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DarkFender {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/0xyg3n/DarkFender"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "0aea5e05-7788-5581-8bcc-d2e75a291dd9"
strings:
$typelibguid0lo = "12fdf7ce-4a7c-41b6-9b32-766ddd299beb" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DecryptAutoLogon
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DecryptAutoLogon {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/securesean/DecryptAutoLogon"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "3ef58da9-16c1-54cf-9d06-a05680548cf5"
strings:
$typelibguid0lo = "015a37fc-53d0-499b-bffe-ab88c5086040" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DesktopGrabber
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DesktopGrabber {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/NYAN-x-CAT/DesktopGrabber"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "7db07291-d6d4-5527-a879-27f899dbd6fe"
strings:
$typelibguid0lo = "e6aa0cd5-9537-47a0-8c85-1fbe284a4380" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DeviceGuardBypasses
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DeviceGuardBypasses {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/tyranid/DeviceGuardBypasses"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "3790faac-b5be-5999-b35f-71a2ef02b6ed"
strings:
$typelibguid0lo = "f318466d-d310-49ad-a967-67efbba29898" ascii wide
$typelibguid1lo = "3705800f-1424-465b-937d-586e3a622a4f" ascii wide
$typelibguid2lo = "256607c2-4126-4272-a2fa-a1ffc0a734f0" ascii wide
$typelibguid3lo = "4e6ceea1-f266-401c-b832-f91432d46f42" ascii wide
$typelibguid4lo = "1e6e9b03-dd5f-4047-b386-af7a7904f884" ascii wide
$typelibguid5lo = "d85e3601-0421-4efa-a479-f3370c0498fd" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Disable_Windows_Defender
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Disable_Windows_Defender {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/NYAN-x-CAT/Disable-Windows-Defender"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "9a673427-e66e-594b-942a-64a2272319f3"
strings:
$typelibguid0lo = "501e3fdc-575d-492e-90bc-703fb6280ee2" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DoHC2
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DoHC2 {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/SpiderLabs/DoHC2"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "0bb38f10-ca5c-5c18-97c9-540b6367d150"
strings:
$typelibguid0lo = "9877a948-2142-4094-98de-e0fbb1bc4062" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DotNetAVBypass_Master
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DotNetAVBypass_Master {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/lockfale/DotNetAVBypass-Master"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "4004271b-4fbe-58bb-9613-a077e76324b3"
strings:
$typelibguid0lo = "4854c8dc-82b0-4162-86e0-a5bbcbc10240" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DotNetToJScript
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DotNetToJScript {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/tyranid/DotNetToJScript"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "31827074-fc63-5690-b6c7-8e89daacc07f"
strings:
$typelibguid0lo = "7e3f231c-0d0b-4025-812c-0ef099404861" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DotNetToJScript_LanguageModeBreakout
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DotNetToJScript_LanguageModeBreakout {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/FuzzySecurity/DotNetToJScript-LanguageModeBreakout"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2021-01-21"
modified = "2025-08-15"
id = "8c8cf79f-8e69-5293-b27a-1f8593061627"
strings:
$typelibguid0lo = "deadb33f-fa94-41b5-813d-e72d8677a0cf" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_DreamProtectorFree
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_DreamProtectorFree {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/Paskowsky/DreamProtectorFree"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "9ebee989-3441-5a76-b243-08de978b541c"
strings:
$typelibguid0lo = "f7e8a902-2378-426a-bfa5-6b14c4b40aa3" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Driver_Template
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Driver_Template {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/FuzzySecurity/Driver-Template"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2021-01-21"
modified = "2025-08-15"
id = "539f88c5-e779-55e0-98df-299a9068de9b"
strings:
$typelibguid0lo = "bdb79ad6-639f-4dc2-8b8a-cd9107da3d69" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Dropless_Malware
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Dropless_Malware {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/NYAN-x-CAT/Dropless-Malware"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "0da3b6d8-2002-590e-a8d5-f6c84acfb083"
strings:
$typelibguid0lo = "23b739f7-2355-491e-a7cd-a8485d39d6d6" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_ESC
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_ESC {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/NetSPI/ESC"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "a57c47e8-62bf-5425-9735-35a3e3a0c218"
strings:
$typelibguid0lo = "06260ce5-61f4-4b81-ad83-7d01c3b37921" ascii wide
$typelibguid1lo = "87fc7ede-4dae-4f00-ac77-9c40803e8248" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_EWSToolkit
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_EWSToolkit {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/rasta-mouse/EWSToolkit"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "acde7744-d17f-5e47-a5e2-ff4f4c4d8093"
strings:
$typelibguid0lo = "ca536d67-53c9-43b5-8bc8-9a05fdc567ed" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_EasyNet
Detects .NET red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_EasyNet {
meta:
description = "Detects .NET red/black-team tools via typelibguid"
reference = "https://github.com/TheWover/EasyNet"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2021-01-21"
modified = "2025-08-15"
id = "8408a057-4910-5d7b-80bc-78df17c95bf7"
strings:
$typelibguid0lo = "3097d856-25c2-42c9-8d59-2cdad8e8ea12" ascii wide
$typelibguid1lo = "ba33f716-91e0-4cf7-b9bd-b4d558f9a173" ascii wide
$typelibguid2lo = "37d6dd3f-5457-4d8b-a2e1-c7b156b176e5" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_EducationalRAT
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_EducationalRAT {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/securesean/EducationalRAT"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "b1d54bea-a6c4-5c57-9ee1-7438d503b01d"
strings:
$typelibguid0lo = "8a18fbcf-8cac-482d-8ab7-08a44f0e278e" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_Evasor
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_Evasor {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/cyberark/Evasor"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-13"
modified = "2025-08-15"
id = "457959ed-3e90-52c7-89f9-e1b17b35260e"
strings:
$typelibguid0lo = "1c8849ef-ad09-4727-bf81-1f777bd1aef8" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
HKTL_NET_GUID_EvilFOCA
Detects c# red/black-team tools via typelibguid
source signature-base
author Arnim Rupp (https://github.com/ruppde)
rule HKTL_NET_GUID_EvilFOCA {
meta:
description = "Detects c# red/black-team tools via typelibguid"
reference = "https://github.com/ElevenPaths/EvilFOCA"
license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"
author = "Arnim Rupp (https://github.com/ruppde)"
date = "2020-12-28"
modified = "2025-08-15"
id = "2b2f5f6f-4224-5013-9e85-0ac088826bea"
strings:
$typelibguid0lo = "f26bdb4a-5846-4bec-8f52-3c39d32df495" ascii wide
condition:
(uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them
}
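Every HKTL_NET_GUID_* rule on this page shares one condition: the file starts with the MZ magic (uint16(0) == 0x5A4D), the DWORD at offset 0x3C (e_lfanew) points at the "PE\0\0" signature, and at least one of the typelib GUIDs appears as an ASCII or UTF-16LE ("wide") string. The GUIDs come from the [assembly: Guid("...")] attribute that Visual Studio writes into Properties/AssemblyInfo.cs of a .NET Framework project; the attribute value is stored verbatim in the compiled assembly's metadata, which is why a plain string match works. The example below is added here and is not signature-base code nor code from any of the referenced tools: it reimplements that condition in Python, pulls GUIDs out of a constructed AssemblyInfo.cs fragment, renders a rule in the page's template, and builds a constructed stand-in PE buffer so the header checks can be exercised offline. The regular expression, the helper names and the sample inputs are this example's own assumptions.

```python
"""
Added example (not signature-base code): reproduce the HKTL_NET_GUID_* rule logic
in Python and generate a rule in the same template.

Assumptions (labelled): the AssemblyInfo.cs regex, the constructed PE stand-in and
the helper names are this example's own, not from the rules' author or the tools referenced.
"""
import re
import struct

# [assembly: Guid("...")] as emitted by Visual Studio into Properties/AssemblyInfo.cs (8-4-4-4-12 hex).
GUID_RE = re.compile(
    r'\[assembly:\s*Guid\(\s*"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"\s*\)\]'
)


def guids_from_assemblyinfo(source: str) -> list[str]:
    """Collect typelib GUIDs from C# source text, lowercased like the $typelibguidNlo strings."""
    return [g.lower() for g in GUID_RE.findall(source)]


def is_pe(data: bytes) -> bool:
    """Same test as the rule condition: uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # YARA's uint32() is undefined (and the whole condition false) when the read runs past the file.
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def matching_guids(data: bytes, guids) -> dict[str, list[str]]:
    """Return {guid: [encodings hit]}; 'ascii' and 'wide' mirror the YARA string modifiers.
    Matching is case-sensitive, exactly as YARA's is without `nocase`."""
    hits = {}
    for g in guids:
        encodings = {"ascii": g.encode("ascii"), "wide": g.encode("utf-16-le")}
        found = [name for name, needle in encodings.items() if needle in data]
        if found:
            hits[g] = found
    return hits


def scan(data: bytes, guids) -> dict[str, list[str]]:
    """The full rule: PE header check AND any of the GUID strings."""
    return matching_guids(data, guids) if is_pe(data) else {}


def render_rule(name: str, reference: str, guids) -> str:
    """Emit a rule in the page's template (meta trimmed to the fields this example can fill)."""
    strings = "\n".join(f'        $typelibguid{i}lo = "{g}" ascii wide' for i, g in enumerate(guids))
    return (
        f"rule HKTL_NET_GUID_{name} {{\n"
        f"    meta:\n"
        f'        description = "Detects .NET red/black-team tools via typelibguid"\n'
        f'        reference = "{reference}"\n'
        f"    strings:\n{strings}\n"
        f"    condition:\n"
        f"        (uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550) and any of them\n"
        f"}}"
    )


def build_sample_pe(payload: bytes) -> bytes:
    """Constructed stand-in for a PE: MZ stub, e_lfanew -> 'PE\\0\\0', then the payload bytes.
    Not a loadable image; it exists only so the header checks can be exercised offline."""
    header = bytearray(0x80)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x80)
    return bytes(header) + b"PE\x00\x00" + payload


# Constructed AssemblyInfo.cs fragment; the GUID is the one from HKTL_NET_GUID_EvilFOCA above.
SAMPLE_ASSEMBLYINFO = '''
using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
[assembly: Guid("f26bdb4a-5846-4bec-8f52-3c39d32df495")]
'''

if __name__ == "__main__":
    guids = guids_from_assemblyinfo(SAMPLE_ASSEMBLYINFO)
    sample = build_sample_pe(b"\x00" * 16 + guids[0].encode("utf-16-le") + b"\x00" * 16)
    print(scan(sample, guids))
    print(render_rule("EvilFOCA", "https://github.com/ElevenPaths/EvilFOCA", guids))
```

Two properties of this rule family follow directly from the code. Precision is high because a typelib GUID is random per project, so a hit on a GUID listed here is a strong indicator for that specific tool. Robustness is low: the match is case-sensitive (the `lo` suffix records that the string is the lowercase form), so a rebuild from source with an uppercased or regenerated GuidAttribute, or a build that drops the attribute altogether, leaves nothing for the rule to find. Treat these as cheap, high-confidence signatures for unmodified builds, not as coverage for a tool that has been recompiled by the operator.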